Filtered by vendor Softing
Subscribe
Total
44 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-27334 | 1 Softing | 4 Edgeaggregator, Edgeconnector, Opc Ua C\+\+ Software Development Kit and 1 more | 2025-08-13 | N/A | 7.5 HIGH |
| Softing edgeConnector Siemens ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing edgeConnector Siemens. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20498. | |||||
| CVE-2023-27335 | 1 Softing | 2 Edgeaggregator, Secure Integration Server | 2025-08-13 | N/A | 9.6 CRITICAL |
| Softing edgeAggregator Client Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the input parameters provided to the edgeAggregetor client. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20504. | |||||
| CVE-2023-27336 | 1 Softing | 3 Edgeaggregator, Edgeconnector, Secure Integration Server | 2025-08-13 | N/A | 7.5 HIGH |
| Softing edgeConnector Siemens OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing edgeConnector Siemens. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OPC client certificates. The issue results from dereferencing a NULL pointer. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20508. | |||||
| CVE-2023-38125 | 1 Softing | 3 Edgeaggregator, Edgeconnector, Secure Integration Server | 2025-08-12 | N/A | 8.8 HIGH |
| Softing edgeAggregator Permissive Cross-domain Policy with Untrusted Domains Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of the web server. The issue results from the lack of appropriate Content Security Policy headers. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-20542. | |||||
| CVE-2023-39478 | 1 Softing | 1 Secure Integration Server | 2025-08-12 | N/A | 8.8 HIGH |
| Softing Secure Integration Server Exposure of Resource to Wrong Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of OPC FileDirectory namespaces. The issue results from the lack of proper validation of user-supplied data before using it to create a server object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20547. | |||||
| CVE-2023-39479 | 1 Softing | 1 Secure Integration Server | 2025-08-12 | N/A | 8.8 HIGH |
| Softing Secure Integration Server OPC UA Gateway Directory Creation Vulnerability. This vulnerability allows remote attackers to create directories on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of FileDirectory OPC UA Objects. The issue results from allowing unauthorized access to the filesystem. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20548. | |||||
| CVE-2023-39480 | 1 Softing | 1 Secure Integration Server | 2025-08-12 | N/A | 6.5 MEDIUM |
| Softing Secure Integration Server FileDirectory OPC UA Object Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of FileDirectory OPC UA Objects. The issue results from allowing unauthorized access to the filesystem. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20549. | |||||
| CVE-2023-39481 | 1 Softing | 1 Secure Integration Server | 2025-08-12 | N/A | 8.8 HIGH |
| Softing Secure Integration Server Interpretation Conflict Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the web server. The issue results from an inconsistency in URI parsing between NGINX and application code. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20551. | |||||
| CVE-2023-39482 | 1 Softing | 3 Edgeaggregator, Edgeconnector, Secure Integration Server | 2025-08-12 | N/A | 6.5 MEDIUM |
| Softing Secure Integration Server Hardcoded Cryptographic Key Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within libopcuaclient.so. The issue results from hardcoding crytographic keys within the product. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-20610. | |||||
| CVE-2023-37571 | 1 Softing | 1 Th Scope | 2025-06-20 | N/A | 6.1 MEDIUM |
| Softing TH SCOPE through 3.70 allows XSS. | |||||
| CVE-2023-41151 | 2 Microsoft, Softing | 4 Windows, Opc, Opc Ua C\+\+ Software Development Kit and 1 more | 2025-05-22 | N/A | 7.5 HIGH |
| An uncaught exception issue discovered in Softing OPC UA C++ SDK before 6.30 for Windows operating system may cause the application to crash when the server wants to send an error packet, while socket is blocked on writing. | |||||
| CVE-2022-39823 | 1 Softing | 2 Opc, Opc Ua C\+\+ Software Development Kit | 2025-05-08 | N/A | 7.5 HIGH |
| An issue was discovered in Softing OPC UA C++ SDK 5.66 through 6.x before 6.10. An OPC/UA browse request exceeding the server limit on continuation points may cause a use-after-free error | |||||
| CVE-2022-37453 | 1 Softing | 6 Edgeaggregator, Edgeconnector, Opc and 3 more | 2025-05-08 | N/A | 7.5 HIGH |
| An issue was discovered in Softing OPC UA C++ SDK before 6.10. A buffer overflow or an excess allocation happens due to unchecked array and matrix bounds in structure data types. | |||||
| CVE-2014-6616 | 1 Softing | 2 Fg-100 Profibus, Fg-x00 Profibus Firmware | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Softing FG-100 PROFIBUS Single Channel (FG-100-PB) with firmware FG-x00-PB_V2.02.0.00 allows remote attackers to inject arbitrary web script or HTML via the DEVICE_NAME parameter to cgi-bin/CFGhttp/. | |||||
| CVE-2022-44018 | 1 Softing | 1 Uatoolkit Embedded | 2025-04-01 | N/A | 7.5 HIGH |
| In Softing uaToolkit Embedded before 1.40.1, a malformed PubSub discovery announcement message can cause a NULL pointer dereference or out-of-bounds memory access in the subscriber application. | |||||
| CVE-2022-45920 | 1 Softing | 1 Uatoolkit Embedded | 2025-04-01 | N/A | 7.5 HIGH |
| In Softing uaToolkit Embedded before 1.41, a malformed CreateMonitoredItems request may cause a memory leak. | |||||
| CVE-2024-0860 | 1 Softing | 2 Edgeaggregator, Edgeconnector | 2025-01-23 | N/A | 8.0 HIGH |
| The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker to capture packets to craft their own requests. | |||||
| CVE-2023-38126 | 1 Softing | 1 Edgeaggregator | 2024-11-21 | N/A | 7.2 HIGH |
| Softing edgeAggregator Restore Configuration Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of backup zip files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this to execute code in the context of root. Was ZDI-CAN-20543. | |||||
| CVE-2023-37572 | 1 Softing | 1 Opc | 2024-11-21 | N/A | 7.5 HIGH |
| Softing OPC Suite version 5.25 and before has Incorrect Access Control, allows attackers to obtain sensitive information via weak permissions in OSF_discovery service. The service executable could be changed or the service could be deleted. | |||||
| CVE-2022-48193 | 1 Softing | 1 Smartlink Sw-ht | 2024-11-21 | N/A | 5.9 MEDIUM |
| Weak ciphers in Softing smartLink SW-HT before 1.30 are enabled during secure communication (SSL). | |||||